By AnotherIFMG
Pre-execution safety layer that blocks dangerous shell commands and credential file reads using pattern matching + LLM analysis. Fail-closed design.
Hardstop - Pre-execution safety layer for shell commands. Shows status and help.
Show Hardstop audit log entries
Disable Hardstop protection temporarily
Enable Hardstop protection
Skip Hardstop safety check for the next command only
Executes bash commands
Hook triggers when Bash tool is used
Own this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimOwn this plugin?
Verify ownership to unlock analytics, metadata editing, and a verified badge. GitHub access is read-only (username + org membership).
Sign in to claimBased on adoption, maintenance, documentation, and repository signals. Not a security audit or endorsement.
Executables (bin/) β files in this plugin's bin/directory are added to the Bash tool's PATH while the plugin is enabled.
π β Star on GitHub if Hardstop keeps you safe!
Pre-execution safety validation for AI coding agents. Validates every shell command against 428 security patterns before execution β blocking destructive operations, credential theft, infrastructure teardown, and prompt injection. Fail-closed: blocks by default when uncertain.
Ecosystem: The detection patterns are published separately as hardstop-patterns (GitHub) β reusable in any Node.js tool.
Installation β’ How It Works β’ Commands β’ Report Issue
You trust your AI, but you shouldn't trust it with rm -rf / or reading your ~/.aws/credentials. Hardstop sits between the LLM and your system, enforcing a strict Fail-Closed policy on dangerous operations.
&&, |, ;).ssh, .aws, .env) (v1.3)Claude tries to ruin your day? Hardstop says no.
# Claude attempts a home directory deletion
$ rm -rf ~/
π BLOCKED: Deletes home directory
# Claude tries to read your AWS credentials
$ Read ~/.aws/credentials
π BLOCKED: AWS credentials file
# You check the status
$ /hs status
Hardstop v1.4.3
Status: π’ Enabled
Session Risk: Moderate (35/100)
Blocked: 2 commands this session
# One-time bypass for a command you trust
$ /hs skip
βοΈ Next command will skip safety check
# Multi-skip: bypass next 3 commands (v1.3.2)
$ /hs skip 3
βοΈ Next 3 commands will skip safety check
# View recent security decisions
$ /hs log
2026-01-20 10:30:45 π [pattern] rm -rf ~/
ββ Deletes home directory
Hardstop uses a two-layer verification system for Bash commands and pattern-based protection for file reads.
graph TD
A[Tool Call] --> B{Bash or Read?};
B -- Bash --> C{Layer 1: Patterns};
C -- Dangerous Pattern --> D[π BLOCK];
C -- Safe Pattern --> E[β
ALLOW];
C -- Unknown --> F{Layer 2: LLM Analysis};
F -- Risky --> D;
F -- Safe --> E;
B -- Read --> G{Credential File?};
G -- .ssh/.aws/.env --> D;
G -- Source Code --> E;
D --> H[Log to Audit];
E --> I[Execute];
The 428 detection patterns (Layer 1) are published as a standalone npm package: hardstop-patterns β usable in any Node.js tool, not just Hardstop.
PatchPilot - Package vulnerability scanner that blocks risky npm/pip/brew installations.
| Tool | Focus | What It Protects |
|---|---|---|
| Hardstop | Command execution safety | Blocks dangerous commands (rm -rf /, credential theft) |
| PatchPilot | Package installation security | Blocks packages with known CVEs |
Use both for complete Claude Code security:
# Install PatchPilot (package vulnerability scanning)
npx patchpilot-cli install
# Install Hardstop (command execution safety)
npx hardstop install
Why both? PatchPilot secures your dependencies, Hardstop secures your execution layer. No overlapβthey're complementary.
npx claudepluginhub anotherifmg/hardstopPlugin that includes the Figma MCP server and Skills for common workflows
Plan, execute, and measure digital marketing across all channels. 25 specialist agents handle strategy, SEO, paid ads, content, email, social, PR, analytics, CRO, and agency operations β with brand voice enforcement, quality evaluation, multilingual support, and persistent campaign memory.
Transform codebases into developer content. 5-phase gated workflow, 3 parallel agents, 9 content formats (blog, tutorial, Twitter, LinkedIn, README, newsletter, video script, conference talk, product launch).
Harness-native ECC operator layer - 67 agents, 278 skills, 94 legacy command shims, reusable hooks, rules, selective install profiles, and production-ready workflows for Claude Code, Codex, OpenCode, Cursor, and related agent harnesses
Complete collection of battle-tested Claude Code configs from an Anthropic hackathon winner - agents, skills, hooks, and rules evolved over 10+ months of intensive daily use
Comprehensive skill pack with 66 specialized skills for full-stack developers: 12 language experts (Python, TypeScript, Go, Rust, C++, Swift, Kotlin, C#, PHP, Java, SQL, JavaScript), 10 backend frameworks, 6 frontend/mobile, plus infrastructure, DevOps, security, and testing. Features progressive disclosure architecture for 50% faster loading.